Bleeping Computer

Attackers use abandoned WordPress plugin to backdoor websites

Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP ...
Threat Post

Critical WordPress e-Learning Plugin Bugs Open Door to Cheating

The flaws in LearnPress, LearnDash and LifterLMS could have allowed unauthenticated students to change their grades, cheat on tests and gain teacher privileges. Researchers have disclosed ...
Bleeping Computer

75k WordPress sites impacted by critical online course plugin flaws

The WordPress online course plugin 'LearnPress' was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management ...